﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;

namespace WebApplication1
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
              

        }

        protected void btnlogin_Click(object sender, EventArgs e)
        {
            string connStr = (@"Data Source=.\SQLEXPRESS;Initial Catalog=CinemaKnights;Integrated Security=True;");
            System.Data.SqlClient.SqlConnection sqlconnetAdmin = null;
            System.Data.SqlClient.SqlConnection sqlconnetStudent = null;
            System.Data.SqlClient.SqlCommand MyCommAdmin = null;
            System.Data.SqlClient.SqlCommand MyCommStudent = null;

            sqlconnetAdmin = new System.Data.SqlClient.SqlConnection();
            sqlconnetStudent = new System.Data.SqlClient.SqlConnection();
            sqlconnetAdmin.ConnectionString = connStr;
            sqlconnetStudent.ConnectionString = connStr;
            MyCommAdmin = new System.Data.SqlClient.SqlCommand("", sqlconnetAdmin);
            MyCommStudent = new System.Data.SqlClient.SqlCommand("", sqlconnetStudent);

            MyCommAdmin.CommandType = System.Data.CommandType.Text;
            MyCommStudent.CommandType = System.Data.CommandType.Text;
            MyCommAdmin.CommandText = "SELECT * from [User] WHERE (Username = '" + txtusername.Text + "') AND (Password = '" + txtpassword.Text + "')";
            MyCommStudent.CommandText = "SELECT * from [Student] WHERE (StudentUsername = '" + txtusername.Text + "') AND (StudentPassword = '" + txtpassword.Text + "')";
            sqlconnetAdmin.Open();
            sqlconnetStudent.Open();

            System.Data.SqlClient.SqlDataReader result = MyCommAdmin.ExecuteReader(System.Data.CommandBehavior.CloseConnection);
            System.Data.SqlClient.SqlDataReader results = MyCommStudent.ExecuteReader(System.Data.CommandBehavior.CloseConnection);

            //Admin
            if (result.HasRows == false)
            {

                lblStatus.Text = "Username and Password is Invalid!";

            }
            else
            {
                Session["Username"] = txtusername.Text;
                Response.Redirect("Admin.aspx");
            }

            //Student
            if (results.HasRows == false)
            {

                lblStatus.Text = "Username and Password is Invalid!";

            }
            else
            {
                Session["Username"] = txtusername.Text;
                Response.Redirect("ReservationPage.aspx");
            }
            results.Close();

        }

        protected void btnCancel_Click(object sender, EventArgs e)
        {
            txtusername.Text = "";
            txtpassword.Text = "";
        }

        protected void btnSignUP_Click(object sender, EventArgs e)
        {
            Response.Redirect("SignUp.aspx");
        }
    }
}
